本文介绍了如何在WordPress中禁用主题和插件编辑器以提高安全性,以及编辑主题和插件文件的正确方法,包括使用FTP客户端和代码编辑器。
wordpress编辑插件
Did you know that WordPress comes with a built-in theme and plugin editor? This plain code editor allows you to edit your theme and plugin files directly from the WordPress dashboard.
您是否知道WordPress带有内置主题和插件编辑器? 这个纯代码编辑器允许您直接从WordPress仪表板编辑主题和插件文件。
Now, this may sound really helpful, but it can also lead to issues such as breaking your site and potential security issues when combined with other vulnerabilities.
现在,这听起来确实很有帮助,但是当与其他漏洞结合使用时,也可能导致诸如破坏站点和潜在的安全性问题等问题。
In this article, we will explain why and how to disable theme and plugin editors from the WordPress admin area.
在本文中,我们将解释为什么以及如何从WordPress管理区域禁用主题和插件编辑器。
为什么要在WordPress中禁用主题和插件编辑器? (Why Disable Theme and Plugin Editors in WordPress?)
WordPress comes with a built-in code editor which allows you to edit WordPress theme and plugin files directly from the admin area.
WordPress带有内置的代码编辑器,可让您直接从管理区域编辑WordPress主题和插件文件。
The theme editor is located at Appearance » Theme Editor page. By default, it will show your currently active theme’s files.
主题编辑器位于外观»主题编辑器页面。 默认情况下,它将显示您当前活动的主题的文件。
Similarly, the plugin editor can be seen at Plugins » Plugin Editor page. By default, it will show you one of the installed plugins from your site that comes up first in the alphabatical order.
同样,可以在“ 插件»插件编辑器”页面上看到插件编辑器 。 默认情况下,它将向您显示站点中已安装的插件中的一个,并按字母顺序顺序显示。
If you visit the theme or plugin editor page for the first time, WordPress will warn you that using the editor can break your website.
如果您是第一次访问主题或插件编辑器页面,WordPress会警告您使用该编辑器可能会破坏您的网站。
In WordPress 4.9, theme and plugin editors were upgraded to protect users from accidentally breaking their website. In most cases, the editor will catch a fatal error and will revert back the changes.
在WordPress 4.9中 ,主题和插件编辑器已升级,以保护用户避免意外破坏其网站。 在大多数情况下,编辑器将捕获一个致命错误,并将还原所做的更改。
However, this is not guaranteed and some code may still slip through and you would end up losing access to the WordPress admin area.
但是,这不能保证,某些代码可能仍然会漏掉,最终您将失去对WordPress管理区域的访问权限 。
The biggest problem with the built-in file editor is that it gives full access to add any kind of code to your website.
内置文件编辑器的最大问题是,它具有完全访问权限,可以向您的网站添加任何类型的代码。
If a hacker broke into your WordPress admin area, then they can use the built-in editor to gain access to all your WordPress data.
如果黑客闯入了您的WordPress管理区域,那么他们可以使用内置编辑器来访问您所有的WordPress数据。
Hackers can also use it to distribute malware or launch DDOS attacks from your WordPress website.
黑客还可以使用它来分发恶意软件或从您的WordPress网站发起DDOS攻击 。
To improve WordPress security, we recommend removing the built-in file editors completely.
为了提高WordPress的安全性 ,我们建议完全删除内置文件编辑器。
That being said, let’s see how to easily disable theme and plugin editors in WordPress.
话虽如此,让我们看看如何在WordPress中轻松禁用主题和插件编辑器。
如何在WordPress中禁用主题和插件编辑器 (How to Disable Theme and Plugin Editors in WordPress)
Disabling theme and plugin editors in WordPress is quite easy.
在WordPress中禁用主题和插件编辑器非常容易。
Simply edit your wp-config.php file and paste the following code just before the line that says ‘That’s all, stop editing! Happy publishing’ :
只需编辑您的wp-config.php文件 ,并将以下代码粘贴在“就这样,停止编辑! 祝您出版愉快 :
define( 'DISALLOW_FILE_EDIT', true );
You can now save your changes and upload the file back to your website.
您现在可以保存所做的更改,并将文件上传回您的网站。
That’s all, plugin and theme editors will now disappear from themes and plugins menus in the WordPress admin area.
就是这样,插件和主题编辑器现在将从WordPress管理区域中的主题和插件菜单中消失。
You can also add this line of code to your theme’s functions.php file, a site-specific plugin, or by using the code snippets plugin.
您还可以将这行代码添加到主题的functions.php文件( 特定于站点的插件)中 ,或使用代码段插件添加。
If you don’t want to edit the files directly, then you can install the Sucuri WordPress plugin which offers 1-click hardening feature.
如果您不想直接编辑文件,则可以安装提供一键式强化功能的Sucuri WordPress插件。
编辑WordPress主题和插件文件的正确方法 (Proper Way to Edit WordPress Theme and Plugin Files)
Many users actually use WordPress theme and plugin editors to look up the code, add custom CSS, or editing code in their child themes.
许多用户实际上使用WordPress主题和插件编辑器来查找代码,添加自定义CSS或在其子主题中编辑代码。
If you only want to add custom CSS to your theme, then you can do so by using the theme customizer located under Appearance » Customize.
如果只想向主题添加自定义CSS,则可以使用外观»自定义下的主题定制器来进行。
For more details, see our guide on how to add custom CSS in WordPress without breaking your site.
有关更多详细信息,请参见有关如何在WordPress中添加自定义CSS而不破坏您的网站的指南。
If you want to look up the code in a plugin, then you can do so by using an FTP client.
如果您想在插件中查找代码,则可以使用FTP客户端进行查找。
For better file management and syntax highlighting, you can use one of these code editors for editing WordPress files on your computer.
为了更好的文件管理和语法突出显示,您可以使用以下代码编辑器之一来编辑计算机上的WordPress文件 。
Last but not least, you can also create a custom WordPress theme without writing any code.
最后但并非最不重要的一点是,您也可以创建自定义WordPress主题而无需编写任何代码。
We hope this article helped you learn how to easily disable theme and plugin editors from WordPress admin panel. You may also want to see our ultimate guide to improving WordPress performance and speed.
我们希望本文能帮助您学习如何从WordPress管理面板轻松禁用主题和插件编辑器。 您可能还想看看我们有关提高WordPress性能和速度的最终指南。
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
如果您喜欢这篇文章,请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。
wordpress编辑插件
扫一扫
1322
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
